Q: How do I report a spoofed email address?

I am answering this question because I’ve recieved so many spoof/spam messages lately to my email address(es) at me.com.

I decided to find out how to report them; here’s what I found out:

Suspicious email messages can be forwarded to one of the following; 

• spam@icloud.com
• abuse@me.com

Make sure to include the long header. Long headers can be displayed using the menubar (see below)

Then either copy & paste the long header or simply forward the entire message.

Example of long header from a suspicious email:

  “From:   Kikki Howard <noreply@hakahakajkfbczj.googlemoogl.tk>

  Subject:   Kiss to you

  Date:   June 9, 2013 4:21:21 PM PDT

  To:   xxxxx@me.com

  Return-Path:   <noreply@hakahakajkfbczj.googlemoogl.tk>

  Received:   from nk11p00mm-smtpin004.mac.com ([xx.xxx.xxx.xxx]) by ms04574.mac.com (Oracle Communications Messaging Server 7u4-26.01(7.0.4.26.0) 64bit (built Jul 13 2012)) with ESMTP id <0MO5001Y5FJL6NL0@ms04574.mac.com> for xxxxx@me.com; Sun, 09 Jun 2013 23:21:21 +0000 (GMT)

  Received:   from hakahakajkfbczj.googlemoogl.tk ([91.191.18.62]) by nk11p00mm-smtpin004.mac.com (Oracle Communications Messaging Server 7u4-27.05(7.0.4.27.4) 64bit (built Apr 23 2013)) with SMTP id <0MO50002UFJJV0G0@nk11p00mm-smtpin004.mac.com> for xxxxx@me.com (ORCPT xxxxx@me.com); Sun, 09 Jun 2013 23:21:21 +0000 (GMT)

  Received:   from nwk-txn-msbadger0204.apple.com (nwk-txn-msbadger0204.apple.com. [xx.xxx.x.xx]) by xx.xxx.x.xx with HTTP; Mon, 10 Jun 2013 01:21:21 +0200

  Original-Recipient:   rfc822;xxxxx@me.com

  X-Proofpoint-Virus-Version:   vendor=fsecure engine=2.50.10432:5.10.8626,1.0.431,0.0.0000 definitions=2013-06-09_07:2013-06-08,2013-06-09,1970-01-01 signatures=0

  X-Proofpoint-Spam-Details:   rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=14 phishscore=0 bulkscore=53 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1305010000 definitions=main-1306090279

  Dkim-Signature:   v=1; a=rsa-sha256; c=simple/simple; d=hakahakajkfbczj.googlemoogl.tk; s=hakahakajkfbczj; h=from:subject:date:to:content-type; bh=tL+/wJmQOT1qfRAmSggBixqXyEIqt839Zb4SbOAPNOM=; b=…lggV4PzuGc/TkDUNdlU=;

  Message-Id:   <0D66EC23-70A1-D480-7514-D280D76FF040@apple.com>

  Mime-Version:   1.0 (Apple Message framework v936)

  Content-Type:   multipart/mixed; boundary="-4277442969-183115831-7904244676=:70228 ”

You can find more info at:

• http://support.apple.com/kb/HT4933?viewlocale=en_US
• http://support.apple.com/kb/TS4019

Actually, Mr. Fields' problem was probably a hacked e-mail account at the time he posted last year. Reporting the message would not solve that problem.

If it was actually a spoof, reporting to Apple also would not help. Spoofed e-mail has forged headers, and even if you trace it back to the source, as your example demonstrates, that source is generally not helpful to report. Really, those reporting addresses are actually just for e-mail being sent from iCloud/MobileMe accounts so Apple can address that issue. There's very little they can do about any other spam.

The spoof/spam emails I’ve been recieving have been sent to both my primary email address @me.com—which is also my Apple ID—as well as to a couple of @me.com aliases that aren't curently in use.

I don’t have time or the necessary knowlegde to address anything beyond forwarding spam/spoof/phishing emails to someone who might; however, it was unduly difficult to find the correct email addresses to which such emails should be forwarded. Since it seemed like other people were having the same problem, I posted my findings. ：）

For what it’s worth, I’ve found 2 more email addresses to which spam/spoof emails can be forwarded:

• reportphishing@apple.com
• phishing-report@us-cert.gov

thanx!!

ab/simsboynton